Seditio CMS 1.7.1 Password Disclosure

Credit: Arash Khazaei
Risk: High
Local: No
Remote: Yes

[+] Exploit Title: Seditio CMS Multiple Vulnerabilities [+] Google Dork: intext:"Powered by Seditio CMS" [+] Date: 27/7/2015 [+] Exploit Author: Arash Khazaei [+] Vendor Homepage: [+] Software Link: [+] Version: 1.7.1(Last Version) [+] Tested on: Kali , Windows [+] CVE : N/A =============================== Introduction : 1- a vulnerability in seditio cms reveal Admin Password For Attacker. 2- another Vulnerability in This CMS Is After Admin Logged Out Session Will Be Not Expired . =============================== Reaval Admin Password : POC 1: in seditio CMS If We Login With Remember Feature CMS Make COokies Like This : MTpfOjU4YjU0NDRjZjFiNjI1M2E0MzE3ZmUxMmRhZmY0MTFhNzhiZGEwYTk1Mjc5YjFkNTc2OGViZjVjYTYwODI5ZTc4ZGE5NDRlOGE5MTYwYTBiNmQ0MjhjYjIxM2U4MTM1MjVhNzI2NTBkYWM2N2I4ODg3OTM5NGZmNjI0ZGE0ODJmOl86c3BlY2lhbA== if we decode This base64 Encoded Text We Got This : 1:_:58b5444cf1b6253a4317fe12daff411a78bda0a95279b1d5768ebf5ca60829e78da944e8a9160a0b6d428cb213e813525a72650dac67b88879394ff624da482f:_:special If Look Between 1:_: We Have hashed Password Of Admin In This case Hashed Password Is admin1 . do If Admin Cookie Stealed site Admin Password Can Be Stealed By Attacker If Password Not Strong To Much. ================================================== POC 2: if admin cookie stealed by reason Anything If We Set Base64 Of Admin Password Like this : MTpfOjU4YjU0NDRjZjFiNjI1M2E0MzE3ZmUxMmRhZmY0MTFhNzhiZGEwYTk1Mjc5YjFkNTc2OGViZjVjYTYwODI5ZTc4ZGE5NDRlOGE5MTYwYTBiNmQ0MjhjYjIxM2U4MTM1MjVhNzI2NTBkYWM2N2I4ODg3OTM5NGZmNjI0ZGE0ODJmOl86c3BlY2lhbA== and set it on your self cookie you logged in as admin in site . Session Of Admin After Logged Out Never Will Be Expired . Discovered By : Arash Khazaei .

Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021,


Back to Top